[Pkg-openssl-devel] Bug#575433: This is needed to pass PCI Compliance Checks

Jan Schulz-Hofen | ROCKET RENTALS jan at rocket-rentals.de
Thu Jun 3 13:29:42 UTC 2010


I came across this due to a recent PCI compliance check I did using
Comodo's HackerGuardian. I believe they use some nessus-based security
scanner which detects possible vulnerabilities by (among other things)
looking at banners and version numbers. Usually, I can point Comodo's
support staff to the CVE page on security-tracker.debian.org and if
it's marked as fixed in lenny, they agree to set the issue as false
positive for me. In this case, I cannot point them to
http://security-tracker.debian.org/tracker/CVE-2009-3245 because it's
still marked as vulnerable.

No matter the actual severity of this, I'd assume a number of people
need to have PCI compliance scans performed (you have to do that at
least quarterly to be able to accept and store credit card data), and
they are pretty standard, so I guess a fix in stable would benefit a
larger audience. I'd be willing to help, but I have never
built/patched/submitted a Debian package before :(
